Building a bootc image for Red Hat Enterprise Linux (RHEL) “Image Mode” requires Red Hat Subscription Entitlement details. This can be tricky to get from the build server. Let’s fix that.
Category: Linux
Ansible is not ideal for use with bootc, but for anyone with a lot of Ansible automation it’s hard to pivot to “the next thing”. Let’s use Ansible anyway..
To know what’s changing in a new bootc (Bootable Container) image use container tooling to generate a Software Bill of Materials (SBOM).
Getting bootc initially installed is a little different since it needs an ostree based OS. You could install a bootc image into any running Linux host, but I’ve been playing with Fedora CoreOS and using Ignition/Butane to configure Fedora CoreOS. So let’s use Fedora CoreOS on the host for bootstrapping bootc.
Red Hat UBI (Universal Base Images) are great. Except when you need to install a pervious package version, you can’t. By default RHEL Universal Base Images ship with only the latest version of packages. So how can you “rollback” if one of the package apps has a problem?
bootc has the potential to be groundbreaking (for Enterprise server Linux). A scalable and immutable OS for servers. (Although I like the term Atomic better).
This provides a way for using different versions of a program based on the current directory name. By adding this example code to the .bashrc file, users can run a unique terraform version based on the directory name.
The Raspberry Pi 5 is critiqued for its high price and limited HEVC GPU video decoding. The Raspberry Pi 3B+ is recommended for small projects, while a Beelink Mini S12 Pro is suggested as an alternative that offers more power and comparable price without being on pre-order. For those wary of expenditure, a cheap laptop is also a viable option.
Red Hat Enterprise Linux 9 (RHEL 9) and Docker don’t get along very well. Running a container that requires older iptables (and not nftables) can be a problem.
Out of the box, security with Docker (and Docker Swarm) over the network is bad. Okay, that’s not entirely true. Out of the box when you have no containers started, it’s fine. But after you start a container, and if you publish a port, they are exposed to the outside world by default. And it’s not easy to fix. You need to create a custom Docker firewall with iptables.